Release Notes
Product Description
CipherTrust Vaulted Tokenization (CT-V) supplements Thales encryption solutions by facilitating smooth application performance and transparent end-user operation while keeping encrypted information secure in one central location. For countries with data privacy laws that require sensitive data to remain in country, tokenization offers the flexibility to offshore storage without compromising compliance. CT-V also helps simplify audit compliance by reducing the number of auditable systems.
Release Description
This release includes a new feature and the bug fixes listed below.
Note
The JDBC drivers for MySQL, Informix, Oracle, and SQL Server databases (mysql-connector-j-x.x.x.jar, jdbc-x.x.x.x.jar, ojdbc8-x.x.x.x.x.jar, and mssql-jdbc-x.x.x.jre8.jar files respectively), are no longer part of the CT-V package. To use CT-V with these databases, refer to the installation section.
SAP-TM Integration has not been validated with CT-V 8.13.2 release.
New Features and Enhancements
Added Gradual Database Password Rollover support for Oracle 21c and higher. See Gradual Database Password Rollover.
Deprecated Support
Support for KeySecure has been deprecated.
Supported Databases
Database | Version |
---|---|
Oracle | 19c, 21c, and 23ai |
SQLServer | 2016, 2019, and 2022 |
MYSQL | 8.0 and above |
Informix | 12.10 |
Advisory Notes
Enable SSL communications between CT-V and Microsoft SQL Server
To enable SSL communications between CT-V and Microsoft SQL Server, edit the SafeNetToken.properties and set the DatabaseType=SQLServerSSL. If using the Web service, restart Tomcat so that the CT-V jar file will be reloaded with the new property value. The JDBC driver will use SQL Server's self-signed certificate.
Multi-threading
By default, CT-V automatically splits insert, get, and getToken batches larger than 2000 into multiple threads and executes them in parallel. In these scenarios, adding multithreading to your application may not be necessary.
When using CT-V in a multithreaded application, it is recommended to use no more than 10 threads per single CPU machine.
Oracle batch jobs
It is recommended to execute the analyze table command after running the first batch job on a token vault in an Oracle database.
For example:
analyze table <your_token_vault_table> compute statistics;
If this command is not used, performance will degrade after running batches between 5000 and 10000 rows. When using the CT-V Web service, this performance degradation will cause a Read Timeout Exception.
For MySQL database
If a token vault contains multiple entries of the same plaintext with different custom data, CT-V 8.13.2 cannot be used with these token vaults.
You must upgrade the existing token vaults to make them compatible with CT-V 8.13.2.
Non-idempotent token vaults are not supported.
Issues Severity and Classification
The following table serves as a key to the severity and classification of the issues listed in the Known Issues table:
Severity | Classification | Definition |
---|---|---|
C | Critical | No reasonable workaround exists. |
H | High | Reasonable workaround exists. |
M | Medium | Medium-level priority problems. |
L | Low | Low-level priority problems. |
Resolved Issue
Severity | Issue | Description |
---|---|---|
H | CADP-23902 | Tokenization fails with the following exception when the input value contains special characters including one or more spaces (for example, @@ @@ @@@ ): No new tokens can be generated after 100 resolution attempts; either the generated token matches the plain value, or the token starts with 0. |
M | CADP-25425 | Timestamp doesn't get updated in the CTV logs when using Java logger. |
Known Issues
Severity | Issue | Synopsis |
---|---|---|
M | CADP-20526 | Java logger in REST Web Services is not working without log4j jars. |
M | CADP-6120 | The Verify_SSL_Certificate parameter does not work with Java 17. |
M | TM-8496 | CT-V does not throw an exception when the insert API is used with sequential vault with formats other than SEQUENTIAL_TOKEN in the Oracle database. Summary: When the insert API is used with sequential vault with formats other than SEQUENTIAL_TOKEN, CT-V does not throw an exception. Ideally, CT-V should throw an error. |
L | TM-8521 | Bulk detokenization header message prints tokens instead of detokens. Summary: While performing bulk detokenization, header message prints number of tokens instead of number of detokens. |
L | TM-8535 | Local mode throws exceptions in multithreaded environment. Summary: When running CADP for Java 8.5 in local mode for multiple threads, the following errors are encountered: • com.ingrian.security.nae.NAEException: Cipher not initialized. • javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher. |
M | TM-7572 | Windows authentication - DB to DB migration fails with Active Directory user. Summary: DB-to-DB bulk migration fails on using active directory user for database user. |
M | TM-7186 | SQL Server - Token created on passing string of length 2000 in SQL Server. Summary: SQL Server supports a default token length of 256. If a token is created of length higher than 256, the token is created of default length 256 thus ignoring the given input data length. |
M | TM-7029 | getTokenByDate is effective on date but not on time. Summary: getTokenByDate API is applicable on date but not on time. |
L | TM-6858 | .NET installer 32 bit is not working with Windows Server 2012 64-bit. Summary: On installing CT-V with .NET installer (32-bit) on Windows Server 2012 64-bit, the following message is displayed: “The operating system is not adequate in running CipherTrust Vaulted Tokenization”. But the same .NET installer (32-bit) works with Windows Server 2008 64-bit. |
M | TM-6979 | getTokenByDate API not working with batch custom data. Summary: getTokenByDate API is not working with batch custom data. |
M | TM-6945 | CT-V not replicating tokens to local site on calling get() API. |
M | TM-6601 | The getTokensByDate() API retrieves token from the local site even when CT-V is configured for the multi-site feature. Summary: The getTokensByDate() API retrieves token from the local site even if the multi-site feature is configured on CipherTrust Vaulted Tokenization. |
M | 117848 117846 | CT-V requires c3p0 settings and retry logic code when failover occurs in Oracle RAC environment. Summary: Calls to get(), insert(), update(), deleteToken(), and deleteValue() will not failover when the database server goes down. Workaround: To work around this issue: 1. Set the following c3p0 parameters in the SfntDbp.properties file: • c3p0.testConnectionOnCheckin=true • c3p0.idleConnectionTestPeriod=10 • c3p0.preferredTestQuery=select * from dual 2. Place the API call in the try block and decrement the loop counter in the catch block to retry for the same input value as shown in Retry Logic Code below: while (true) { |
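
The retry pattern from the Oracle RAC workaround above (API call in the try block, loop counter decremented in the catch block), written out as an added example; it is not the Retry Logic Code from these release notes, which is cut off on this page. VaultCall is a hypothetical stand-in for a CT-V call such as insert() or get(), and the attempt cap and back-off delay are assumptions added so a prolonged outage cannot spin the loop forever.

```java
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class FailoverRetryExample {

    /** Hypothetical stand-in for a CT-V call (insert(), get(), ...); not the CT-V API. */
    interface VaultCall {
        String apply(String input) throws Exception;
    }

    static final int MAX_ATTEMPTS = 5;   // assumption: give up after 5 failures on one value
    static final long BACKOFF_MS = 200;  // assumption: base delay between retries

    static List<String> processAll(String[] inputs, VaultCall call) throws Exception {
        List<String> results = new ArrayList<>();
        int attempts = 0;
        for (int i = 0; i < inputs.length; i++) {
            try {
                results.add(call.apply(inputs[i]));
                attempts = 0; // success: reset the counter for the next value
            } catch (Exception e) {
                if (++attempts >= MAX_ATTEMPTS) {
                    // Report the index only: the input is sensitive plaintext
                    // and should not end up in logs or exception messages.
                    throw new Exception("giving up on input index " + i, e);
                }
                Thread.sleep(BACKOFF_MS * attempts); // let c3p0 evict dead connections
                i--; // decrement the loop counter so the same input is retried
            }
        }
        return results;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stub: the first two calls fail, simulating a RAC node going down.
        final int[] failuresLeft = {2};
        VaultCall stub = input -> {
            if (failuresLeft[0]-- > 0) {
                throw new SQLException("connection lost (simulated)");
            }
            return "tok-" + input.length(); // constructed placeholder token
        };
        List<String> tokens = processAll(new String[] {"a", "bb", "ccc"}, stub);
        System.out.println(tokens.size() + " values processed after failover");
    }
}
```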
Compatibility and Upgrade Information
CT-V 8.13.2 is compatible with CipherTrust Manager 2.11 and higher versions.
Installation and Upgrade Instructions
Refer to CipherTrust Manager User Guide for complete installation and upgrade instructions for the server, and CipherTrust Vaulted Tokenization User Guide for the client and token vault details.